Legal

Privacy Policy

Last updated · November 2025

This Privacy Policy describes how Niti (the “Service”), operated by Eequate, collects, uses, and safeguards the personal information of travel agencies (our “Customers”) who subscribe to the platform, and the travellers, suppliers, and other individuals whose data Customers process inside the platform.

Niti acts as a data processor for the personal data Customers upload about their own clients and suppliers. The Customer remains the data controller for that data. Niti acts as a data controller for the personal data of Customer account holders themselves (sign-up details, billing, sign-in logs).

1. Information we collect

Account information. Name, work email, agency name, agency phone, password (hashed), country, and chosen plan.

Usage data. IP address, browser type and version, pages visited inside the platform, timestamps, and audit-trail events for compliance purposes.

Customer-supplied data. Information Customers enter into the platform about their own clients (name, contact details, passport number, travel preferences, payment records), suppliers (hotels, transport, activities), itineraries, quotes, and invoices.

Cookies. We use a small number of cookies for authentication, session management, CSRF protection, and remembering active marketing promo codes. We do not use third-party advertising cookies.

2. How we use information

We use personal information to provide and improve the Service, authenticate users, send transactional and operational emails, generate invoices, surface marketing promotions you have explicitly opted into, prevent abuse, and respond to support requests.

We do not sell or rent personal data. We do not use Customer-supplied traveller data to train any AI model.

3. AI features

Some features (the AI itinerary builder, AI suggestion tools) send the relevant slice of itinerary or inquiry data to a third-party AI provider for processing. Requests are scoped to only the data needed for the operation, are not retained by the provider beyond the immediate processing, and are not used for model training.

4. Sharing & sub-processors

We share personal information with carefully selected sub-processors who help us run the Service (cloud hosting, transactional email delivery, payment processing, AI inference, and place-data autocomplete). All sub-processors are contractually obligated to protect personal data and may only use it to provide their service to Niti.

We disclose personal data to law enforcement only when legally compelled to do so.

5. Data retention

Active Customer data is retained for as long as the account is active. Cancelled accounts have their data retained for 90 days to allow reactivation, after which it is permanently deleted. Audit-trail records are retained for at least 12 months for compliance purposes. Customers may request earlier deletion of any specific record at any time.

6. Security

We protect personal data with TLS encryption in transit, encryption at rest for backups, hashed and salted password storage, optional two-factor authentication (TOTP and email OTP), signed and time-limited URLs for client-facing share links, role-based permissions inside the agency workspace, and full audit logging of every change to a record.

7. Your rights

You may request access to, correction of, or deletion of personal data we hold about you. You may export your account data at any time via the platform’s export tools. To exercise these rights, contact us at the email address below.

8. International transfers

Niti is operated from Sri Lanka. By using the Service you consent to your personal data being transferred to and processed in Sri Lanka and any other country where our sub-processors operate, subject to appropriate safeguards.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to active account holders by email at least 14 days before they take effect. The “Last updated” date at the top of this page is always the most reliable indicator.

10. Contact

Questions about this policy or any personal data we hold about you can be sent to privacy@niti.travel.

This document is provided for informational purposes only and does not constitute legal advice. Please consult a qualified lawyer before relying on it for compliance.